Last Updated: 11:04AM EST
Recent Security News
Supreme Court Rules cell phone tower searches require warrant
The Supreme Court has ruled that cell phone tower searches require a warrant. An earlier blog post covers this item.
Recent Security Events
EvilOSX has been observed attacking Mac systems
These attacks are being carried out using Python-based scripts, which are easily detected. Event: 28763
VPNFilter Telnet Scans
Jigsaw Advanced Network Protection continues to see large amounts of VPNFilter activity. These attacks have been ongoing for several weeks and account for 80% of the IDS traffic we are observing on our distributed sensors. Customers using the Jigsaw Security protection model, FirstWatch sensor and secure Internet gateway are not vulnerable to this attack. The biggest offender continues to be 209.141.57[.]203, which has been observed at nearly every Jigsaw customer site attempting to exploit the VPNFilter vulnerabilities. Many consumer-level edge devices are vulnerable to this attack. We have included the vulnerable device list below for your reference.
One change is that this host is now observed carrying out VPNFilter, remote code execution and Netcore router backdoor activity, which shows that this threat actor's activity has expanded beyond what was originally observed. Event: 28752
Vulnerable Devices:
Linksys: E1200, E2500 and WRVS4400N
MikroTik Routers: 1016, 1036, 1072
Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
QNAP Devices: TS251, TS439 Pro, QNAP NAS devices running QTS
TP-LINK Devices: R600VPN
Uptick in Activity of Jigsaw Domain Threat Feed
We are seeing an uptick in the number of blacklisted domains due to some email-based attacks. We are posting this for awareness only.
Necurs Botnet Activity
In addition to VPNFilter, we are also seeing Necurs botnet activity. Event: 28766